Change-Id: I66745953d2f32edcfa4038ef0eeb5ad1eb51c2f1
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/4906
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Anish Swaminathan <anishs@vmware.com>
1 | 1 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,11 @@ |
0 |
+--- a/Src/subst.c |
|
1 |
+@@ -2337,7 +2337,7 @@ paramsubst(LinkList l, LinkNode n, char **str, int qt, int pf_flags, |
|
2 |
+ val = aval[0]; |
|
3 |
+ isarr = 0; |
|
4 |
+ } |
|
5 |
+- s = dyncat(val, s); |
|
6 |
++ s = val ? dyncat(val, s) : dupstring(s); |
|
7 |
+ /* Now behave po-faced as if it was always like that... */ |
|
8 |
+ subexp = 0; |
|
9 |
+ /* |
... | ... |
@@ -3,7 +3,7 @@ |
3 | 3 |
Summary: Z shell |
4 | 4 |
Name: zsh |
5 | 5 |
Version: 5.3.1 |
6 |
-Release: 4%{?dist} |
|
6 |
+Release: 5%{?dist} |
|
7 | 7 |
License: MIT |
8 | 8 |
URL: http://zsh.sourceforge.net/ |
9 | 9 |
Group: System Environment/Shells |
... | ... |
@@ -13,6 +13,7 @@ Source0: http://www.zsh.org/pub/%{name}-%{version}.tar.xz |
13 | 13 |
%define sha1 zsh=ec2a98c080f213c1c6c465c0c64662b5eae6818f |
14 | 14 |
Source1: zprofile.rhs |
15 | 15 |
Source2: zshrc |
16 |
+Patch0: zsh-CVE-2018-7548.patch |
|
16 | 17 |
|
17 | 18 |
BuildRequires: coreutils |
18 | 19 |
BuildRequires: tar |
... | ... |
@@ -58,6 +59,7 @@ This package contains the Zsh manual in html format. |
58 | 58 |
%prep |
59 | 59 |
|
60 | 60 |
%setup -q |
61 |
+%patch0 -p1 |
|
61 | 62 |
|
62 | 63 |
%build |
63 | 64 |
# make loading of module's dependencies work again (#1277996) |
... | ... |
@@ -144,6 +146,8 @@ fi |
144 | 144 |
%doc Doc/*.html |
145 | 145 |
|
146 | 146 |
%changelog |
147 |
+* Mon Mar 19 2018 Xiaolin Li <xiaolinl@vmware.com> 5.3.1-5 |
|
148 |
+- Fix CVE-2018-7548 |
|
147 | 149 |
* Mon Sep 18 2017 Alexey Makhalov <amakhalov@vmware.com> 5.3.1-4 |
148 | 150 |
- Requires coreutils or toybox and /bin/grep |
149 | 151 |
* Fri Sep 15 2017 Bo Gan <ganb@vmware.com> 5.3.1-3 |